New virus
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Jan 12 19:33:26 GMT 2006
Kevin Miller wrote:
> Julian Field wrote:
>
>> Scott Silva wrote:
>>
>>> Julian Field spake the following on 1/12/2006 6:23 AM:
>>>
>>>> The filename.rules.conf should by default be trapping *.hta files,
>>>> even inside zip files. So it should still be caught by MailScanner,
>>>> even without the AV engines.
>>>>
>>> But having Maximum Archive Depth = 0 will prevent MailScanner from
>>> catching this in zip files, won't it?
>>>
>> Yes. That is your choice to use that setting, I don't personally
>> advise it.
>>
>
> What are the implications of setting Maximum Archive Depth = 2 (the
> default IIRC) and Allow Password-protected Archives = no? Will that
> break anything?
>
> The comments indicate that the archive depth should be set to 0 if
> disabling password-protected archives. I have a rules file for password
> protected archives, but it defaults for no. I like the protection from
> the passworded zip virus files, but would also like to ensure that I'm
> protected on the hta, etc. front.
>
> And if I do set the archive depth back to 2, won't I start putting the
> kibosh on legitimate .exe, and other files that folks zip to get past
> the normal attachment checking? Don't know how much of an issue that is
> right now but you know how users can get....
>
> ...Kevin
>
Yes, if you put the archive depth to 2, people won't be able to hide
exes by putting them in zip files.
If you do that, you will definitely need a way for users to pull files
out of quarantine.
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654